文档建议反馈控制台
首页
学习
活动
专区
圈层
工具
MCP广场
文章/答案/技术大牛
发布
社区首页 >问答首页 >如何在CUPS中启用对管理页的远程访问

如何在CUPS中启用对管理页的远程访问
EN

Server Fault用户
提问于 2017-03-04 12:37:08
回答 4查看 59.6K关注 0票数 11

我希望能够访问CUPS网络界面的管理页面。

我可以到达网页,我可以浏览大部分网站,但可悲的是,管理页仍然锁定在远程来源。

我确实设置了Allow from all,并且现在在任何地方都尝试了Allow all,但是我仍然无法访问这个页面。

我遗漏了什么?

Config文件

代码语言:javascript
复制
#
#
# Sample configuration file for the CUPS scheduler.  See "man cupsd.conf" for a
# complete description of this file.
#

# Log general information in error_log - change "warn" to "debug"
# for troubleshooting...
LogLevel warn

# Deactivate CUPS' internal logrotating, as we provide a better one, especially
# LogLevel debug2 gets usable now
MaxLogSize 0

# Allow connection from remote hosts
Port 631
Listen /var/run/cups/cups.sock

# Show shared printers on the local network.
Browsing On
BrowseOrder allow,deny
BrowseAllow all
BrowseLocalProtocols all

# Default authentication type, when authentication is required...
DefaultAuthType Basic

# Web interface setting...
WebInterface Yes

# Restrict access to the server...
<Location />
  Order allow,deny
  Allow from all
</Location>

# Restrict access to the admin pages...
<Location /admin>
  Order allow,deny
  Allow from all
</Location>

# Restrict access to configuration files...
<Location /admin/conf>
  AuthType Default
  Order allow,deny
  Allow from all
</Location>

# Set the default printer/job policies...
<Policy default>
  # Job/subscription privacy...
  JobPrivateAccess default
  JobPrivateValues default
  SubscriptionPrivateAccess default
  SubscriptionPrivateValues default

  # Job-related operations must be done by the owner or an administrator...
  <Limit Create-Job Print-Job Print-URI Validate-Job>
    Order deny,allow
    Allow from all
  </Limit>

  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
    Require user @OWNER @SYSTEM
    Order deny,allow
    Allow from all
  </Limit>

  # All administration operations require an administrator to authenticate...
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
    Allow from all
  </Limit>

  # All printer operations require a printer operator to authenticate...
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
    Allow from all
  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...
  <Limit Cancel-Job CUPS-Authenticate-Job>
    Require user @OWNER @SYSTEM
    Order deny,allow
    Allow from all
  </Limit>

  <Limit All>
    Order deny,allow
    Allow from all
  </Limit>
</Policy>

# Set the authenticated printer/job policies...
<Policy authenticated>
  # Job/subscription privacy...
  JobPrivateAccess default
  JobPrivateValues default
  SubscriptionPrivateAccess default
  SubscriptionPrivateValues default

  # Job-related operations must be done by the owner or an administrator...
  <Limit Create-Job Print-Job Print-URI Validate-Job>
    AuthType Default
    Order deny,allow
    Allow from all
  </Limit>

  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
    AuthType Default
    Require user @OWNER @SYSTEM
    Order deny,allow
    Allow from all
  </Limit>

  # All administration operations require an administrator to authenticate...
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
    Allow from all
  </Limit>

  # All printer operations require a printer operator to authenticate...
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
    Allow from all
  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...
  <Limit Cancel-Job CUPS-Authenticate-Job>
    AuthType Default
    Require user @OWNER @SYSTEM
    Order deny,allow
    Allow from all
  </Limit>

  <Limit All>
    Order deny,allow
    Allow from all
  </Limit>
</Policy>

Dockerfile

代码语言:javascript
复制
#
#   Add a Printer user
#
RUN useradd \
    --groups=sudo,lp,lpadmin \
    --create-home \
    --home-dir=/home/print \
    --shell=/bin/bash \
    print

#
#   Set the password for the printer user
#
RUN echo print:sdsds | chpasswd
cups
EN

回答 4

Server Fault用户

回答已采纳

发布于 2017-03-04 12:51:03

我要做的是在下面的</Policy>标记下面的块:

代码语言:javascript
复制
<Location />
    Order allow,deny
    Allow localhost
    Allow from 192.168.0.*
    Allow from 10.0.*.*
</Location>

Listen 0.0.0.0:631

特别是对于管理访问,普通配置通常有:

代码语言:javascript
复制
<Location /admin/conf>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
</Location>

为了创建一个合适的用户帐户,您只需要创建一个作为lpadmin组成员的用户(我建议您确实需要对管理部分进行某种操作):sudo useradd -g lpadmin cupsadmin,然后设置一个密码。

另见https://askubuntu.com/questions/387217/cups-admin-user-and-password-saucy

更新:下面应该作为一个起点来解决@DavidGatti最初提出的问题--它不像原始配置那样完整/粒度,但是可以重新添加策略配置。

然而,这个配置不使用@SYSTEM,而是接受任何本地的、有效的用户。配置的用例是在一个码头容器中运行CUPS,所以似乎最好避免需要任何“特殊”(除了用户有密码)来提供对CUPS的管理访问。

代码语言:javascript
复制
# Disable cups internal logging - use logrotate instead
MaxLogSize 0

# Log general information in error_log - change "warn" to "debug"
# for troubleshooting...
LogLevel warn
#PageLogFormat

Listen /run/cups/cups.sock
Listen 0.0.0.0:631
Port 631

# Show shared printers on the local network.
Browsing On
BrowseLocalProtocols dnssd

# Default authentication type, when authentication is required...
DefaultAuthType Basic

# Web interface setting...
WebInterface Yes

# Restrict access to the server...
# This config allow anyone access to the WUI
<Location />
  Order allow,deny
  Allow all
</Location>

# Restrict access to the admin pages...
# Allows anyone to try and access admin pages.
# Any local user's credentials will be accepted
<Location /admin>
  AuthType Basic
  Require valid-user
  Allow all
  Order allow,deny
</Location>

# Restrict access to configuration files...
# Any local user's credentials will be accepted
<Location /admin/conf>
  AuthType Basic
  Require valid-user
  Allow all
  Order allow,deny
</Location>

# Restrict access to log files...
# Any local user's credentials will be accepted
<Location /admin/log>
  AuthType Basic
  Require valid-user
  Allow all
  Order allow,deny
</Location>

Browsing On

您可能还会在如何配置杯以允许远程打印与身份验证和本地打印无关?中找到一些不错的指示。

票数 9
EN

Server Fault用户

发布于 2020-05-30 10:19:12

如果您需要快速修复,而不需要技术细节,请使用以下命令

代码语言:javascript
复制
sudo cupsctl --remote-any
sudo /etc/init.d/cups restart
票数 11
EN

Server Fault用户

发布于 2017-09-15 18:58:54

代码语言:javascript
复制
Listen 0.0.0.0:631
Port 631

我尝试了各种解决方案,但是浏览器总是返回“连接拒绝”的消息,直到我像这样更改了我的cupsd.conf文件。

票数 1
EN
页面原文内容由Server Fault提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://serverfault.com/questions/836266

复制
相关文章

相似问题

领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 粤公网安备44030502008569号

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档